Terraform avec Kubernetes

Provider Kubernetes et déploiements

Provider Kubernetes

Le provider Kubernetes permet de gérer les ressources K8s directement depuis Terraform. Dans l'exemple ci-dessous, il s'authentifie auprès du cluster avec l'identité AWS qui exécute Terraform (bloc `exec` + `aws eks get-token`) : aucun jeton statique n'est stocké dans le state.

Configuration du provider

provider "kubernetes" {
  # Endpoint and CA bundle come from the EKS data source, so the client
  # verifies the API server certificate rather than trusting whatever
  # answers on `host`.
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)

  # No static token/kubeconfig in Terraform state: a short-lived token is
  # obtained at plan/apply time with `aws eks get-token`, so the Kubernetes
  # identity is the AWS identity running Terraform. That IAM principal must
  # be granted access to the cluster (aws-auth ConfigMap or EKS access entries).
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
  }
}

Déployer un Namespace et un Deployment

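# Application namespace. Besides the environment label, it opts in to Pod
# Security Admission (built into Kubernetes >= 1.25) so pods that escalate
# privileges, use host namespaces, etc. are rejected at admission time
# instead of relying on every Deployment author to get securityContext right.
resource "kubernetes_namespace" "app" {
  metadata {
    name = "mon-application"
    labels = {
      environment = var.environment

      # Enforce the "baseline" profile (no privileged containers, no host
      # namespaces/ports, no hostPath) and warn/audit against "restricted"
      # (non-root, seccomp, dropped capabilities). Once the workloads in this
      # namespace pass without warnings, raise `enforce` to "restricted".
      "pod-security.kubernetes.io/enforce" = "baseline"
      "pod-security.kubernetes.io/audit"   = "restricted"
      "pod-security.kubernetes.io/warn"    = "restricted"
    }
  }
}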

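# Deployment of the API in the namespace above. Compared with the bare
# container spec, this version sets the pod/container hardening expected by
# the "restricted" Pod Security Standard and stops mounting a service-account
# token the app has no visible need for.
resource "kubernetes_deployment" "app" {
  metadata {
    name      = "mon-api"
    namespace = kubernetes_namespace.app.metadata[0].name
    labels = {
      app = "mon-api"
    }
  }

  spec {
    replicas = 3

    selector {
      match_labels = {
        app = "mon-api"
      }
    }

    template {
      metadata {
        labels = {
          app = "mon-api"
        }
      }

      spec {
        # Nothing in this spec shows the app calling the Kubernetes API, so do
        # not mount a service-account token that a compromised container could
        # reuse against the API server. Set to true (with a dedicated
        # ServiceAccount and minimal RBAC) only if the app really needs it.
        automount_service_account_token = false

        # Pod-level hardening. run_as_non_root is enforced by the kubelet at
        # start-up; add run_as_user/run_as_group if the image does not declare
        # a non-root USER itself.
        security_context {
          run_as_non_root = true
          seccomp_profile {
            type = "RuntimeDefault"
          }
        }

        container {
          # A mutable tag ("latest") makes rollouts non-reproducible and lets a
          # compromised or mistaken push change what runs without any Terraform
          # diff. Pin a version tag, ideally an immutable digest
          # (mon-api@sha256:...), in real usage.
          image = "mon-api:latest"
          name  = "mon-api"

          port {
            container_port = 8080
          }

          # Container-level hardening ("restricted" profile): no setuid-style
          # escalation, no Linux capabilities, immutable root filesystem.
          # If the app writes to /tmp or similar, mount an emptyDir volume
          # there rather than relaxing read_only_root_filesystem.
          security_context {
            allow_privilege_escalation = false
            read_only_root_filesystem  = true
            capabilities {
              drop = ["ALL"]
            }
          }

          # Requests/limits keep one pod from starving its neighbours; limits
          # also bound the damage of a runaway or attacked process.
          resources {
            limits = {
              cpu    = "500m"
              memory = "256Mi"
            }
            requests = {
              cpu    = "250m"
              memory = "128Mi"
            }
          }
        }
      }
    }
  }
}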

Déployer un cluster EKS avec Terraform

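# EKS cluster via the community module. The control-plane exposure, audit
# logging, secrets encryption and IMDSv2 settings below are the v19 defaults,
# but they are written out explicitly: they are the settings that matter for
# security, and a future major-version bump must not be able to change them
# silently.
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 19.0"

  cluster_name = "mon-cluster"
  # Example value: keep the cluster on a version still in AWS standard
  # support and bump it as part of regular upgrades (1.28 has since left
  # standard support).
  cluster_version = "1.28"

  vpc_id = module.vpc.vpc_id
  # Private subnets only: worker nodes get no public IP.
  subnet_ids = module.vpc.private_subnets

  # API server reachable only from inside the VPC. Consequence: `terraform
  # apply` and `aws eks get-token` must run from the VPC (runner, VPN or
  # peering). If the API must be public, restrict it with
  # cluster_endpoint_public_access_cidrs instead of opening it to 0.0.0.0/0.
  cluster_endpoint_public_access  = false
  cluster_endpoint_private_access = true

  # Control-plane logs to CloudWatch; the audit log is the record of "who did
  # what" in the cluster when investigating an incident.
  cluster_enabled_log_types = ["api", "audit", "authenticator"]

  # Envelope-encrypt Kubernetes Secrets with a KMS key (created by the module
  # unless kms_key_arn is supplied) so they are not stored in etcd in clear.
  cluster_encryption_config = {
    resources = ["secrets"]
  }

  eks_managed_node_groups = {
    general = {
      desired_size   = 3
      min_size       = 2
      max_size       = 5
      instance_types = ["t3.medium"]

      # Require IMDSv2 so an SSRF in a pod cannot read the node's instance
      # credentials from 169.254.169.254 with a plain GET. Hop limit 2 still
      # lets pods reach IMDS; lower it to 1 once workloads use IRSA / Pod
      # Identity instead of the node role.
      metadata_options = {
        http_endpoint               = "enabled"
        http_tokens                 = "required"
        http_put_response_hop_limit = 2
      }
    }
  }
}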

Provider Helm

provider "helm" {
  # Same connection model as the kubernetes provider: endpoint and CA from
  # the EKS module outputs (TLS verification against the cluster CA), and a
  # short-lived token fetched via `aws eks get-token` at plan/apply time, so
  # no long-lived credential is written to state.
  # NOTE: reading these values from a module in the same state means the
  # cluster must already exist when this provider is configured (see the
  # "bonne pratique" at the end of the page about separate states).
  kubernetes {
    host                   = module.eks.cluster_endpoint
    cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)

    exec {
      api_version = "client.authentication.k8s.io/v1beta1"
      command     = "aws"
      args        = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
    }
  }
}

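# ingress-nginx controller installed from the upstream chart repository.
# Changes versus the minimal form: the chart version is pinned, failed
# releases roll back, and nginx snippet annotations are disabled.
resource "helm_release" "nginx_ingress" {
  name       = "nginx-ingress"
  repository = "https://kubernetes.github.io/ingress-nginx"
  chart      = "ingress-nginx"
  # Without `version`, every apply resolves the newest chart in the repo:
  # non-reproducible installs and an open door for a buggy or malicious
  # release. Pin a version you have vetted and bump it deliberately
  # (the 4.10.x series supports Kubernetes 1.28).
  version    = "4.10.1"
  namespace  = "ingress"

  create_namespace = true

  # Roll back automatically if the release does not become healthy, so a bad
  # upgrade does not leave the cluster's only ingress controller half-deployed.
  atomic = true

  set {
    name  = "controller.replicaCount"
    value = "2"
  }

  # Snippet annotations let anyone who can create an Ingress inject raw nginx
  # configuration into the controller (CVE-2021-25742). Keep them disabled
  # regardless of the chart's default for the pinned version.
  set {
    name  = "controller.allowSnippetAnnotations"
    value = "false"
  }
}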
Bonne pratique : séparez la création du cluster (EKS/GKE/AKS) et le déploiement des applications K8s dans des states différents pour limiter le blast radius. Une erreur ou une compromission du state applicatif ne peut alors pas détruire le cluster, et chaque state peut être appliqué par une identité aux droits distincts (IAM pour le cluster, RBAC Kubernetes limité à un namespace pour les applications). Cela évite aussi de configurer un provider kubernetes/helm à partir d'un cluster créé dans le même apply, ce que Terraform gère mal.